Иногда требуется определить когда пользователь совершил последний вход в систему.
поможет небольшой скрипт на контроллере домена
Add User Account Information to Active Directory Users and Computers
by Daniel Petri – January 7, 2009
How can I add additional user account information option to the Active Directory Users and Computers context menu?
As seen in the Add Unlock User Option to Active Directory Users and Computers article, many of the daily tasks of a network administrator is to monitor user accounts, logo activities, password changes and account options, such as disabling and enabling user accounts, and also looking for logon information for the user account.
One method of viewing additional information about user accounts is by using the Acctinfo.dll add-in for Active Directory Users and Computers (as explained in the View Additional User Information in AD Users and Computers article).
Another method is by adding some right-click (context menu) options to the user account objects. By right-clicking a user object you will be able to view some more information about any user account you want, information that includes the last logon time, the user’s logon script, the last time the user has changed his or her password and so on.
Writing the script
First we need to write a small VBS script (I thank Antid0t for the insight). It will be used as a context menu option on any user account object.
I guess the script could be done in a better way, and if any of you have a good suggestion please send it over .
On Error Resume Next
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
<em> Set wshArguments = WScript.Arguments Set objUser = GetObject(wshArguments(0)) str1 = "Last Login: " & objUser.LastLogin str2 = "Last Logoff: " & objUser.LastLogoff str3 = "Last Failed Login: " & objUser.LastFailedLogin str4 = "Logon Count: " & objUser.logonCount str5 = "Bad Login Count: " & objUser.BadLoginCount str6 = "Password Last Changed: " & objUser.PasswordLastChanged str7 = "User Account Control: " & objUser.userAccountControl str8 = "Login Script: " & objUser.scriptPath str9 = "Account Created: " & objUser.whenCreated str10 = "Account Last Modified: " & objUser.whenChanged MsgBox str1 & vbCrLf & str2 & vbCrLf & str3 & vbCrLf & str4 & vbCrLf & str5 & vbCrLf & str6 & vbCrLf & str7 & vbCrLf & str8 & vbCrLf & str9 & vbCrLf & str10,,objUser.Name </em> |
Save the script as USER_LOGON_INFO.VBS.
Place the script in a share on one of your DCs, preferably in the NETLOGON share, thus replicating it to all of your DCs. Note that this change is a forest wide change, so each and every DC in the forest should have access to this script.
Adding the option to the context menu
You now need to add the context menu options to user account objects in AD. To do so you need the following:
1. ADSIEdit.MSC – found in the Windows 2000/2003 Support Tools (located on the installation CD)
2. Enterprise Admin permissions
User account context menu:
1. After installing the Support Tools, open ADSIEdit.MSC and navigate to the following path:
|
1 2 3 4 5 6 7 |
<em> CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=dpetri,DC=net 4, &Show Logon Info,\\zeus\netlogon\user_logon_info.vbs </em> |
Lamer note: Change the path to fit your own domain name…
2. Right-click on the user-Display object and select Properties.
3. The first attribute in the list of attributes for the object should be adminContextMenu. Double-click it or click on the Edit button.
5. When done, click Add to add the line, then click Ok.
6. Close ADSIEdit.MSC.
Testing
In order to test the context menu addition you’ll need to close DSA.MSC if it was open, and re open it.
Right-click the user account you want to query and select the new context menu – Show Logon Info.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
<em> ************** USER_LOGON_INFO.VBS ************** On Error Resume Next Set wshArguments = WScript.Arguments Set objUser = GetObject(wshArguments(0)) str1 = "Last Login: " & objUser.LastLogin str2 = "Last Logoff: " & objUser.LastLogoff str3 = "Last Failed Login: " & objUser.LastFailedLogin str4 = "Logon Count: " & objUser.logonCount str5 = "Bad Login Count: " & objUser.BadLoginCount str6 = "Password Last Changed: " & objUser.PasswordLastChanged str7 = "User Account Control: " & objUser.userAccountControl str8 = "Login Script: " & objUser.scriptPath str9 = "Account Created: " & objUser.whenCreated str10 = "Account Last Modified: " & objUser.whenChanged MsgBox str1 & vbCrLf & str2 & vbCrLf & str3 & vbCrLf & str4 & vbCrLf & str5 & vbCrLf & str6 & vbCrLf & str7 & vbCrLf & str8 & vbCrLf & str9 & vbCrLf & str10,,objUser.Name </em> |
